Hybrid, Multicloud Management

What will be covered in this post

  1. Foreword: What will be covered in this blog post.
  2. Hybrid, Distributed-Cloud and Multi-cloud management Approaches
  3. How is Microsoft Azure leading this space?
  4. What tools and techniques does Microsoft offer for hybrid, distributed cloud and multi-cloud management.
  5. How Azure Arc is leading this space?
  6. Azure Arc use-cases
  7. Azure Arc Pricing (service and add-ons)
  8. Conclusion

Foreword

Cloud computing came with an overwhelming set of benefits, conveniences, and features; so much so that it has become an unavoidable choice for almost all organizations around the globe. A prediction made by Gartner in 2019 (here) states that most organizations (a whopping 80%) will close their datacenters by 2025 by moving workloads to the cloud.

The Gartner study above indicates great zeal among organizations around the world to benefit from cloud computing.

Today, cloud computing has already enabled thousands of businesses to become more productive, agile, secure, scalable, and efficient. Organizations have become more efficient by reducing the go-to-market time for their products and services, along with improved service delivery and customer satisfaction.

Another interesting and related Gartner study (here) indicates that companies that have embarked on cloud services have made the cloud their first preference.

The journey to the cloud is not limited to a single cloud provider. A single cloud provider cannot meet all of an organization's needs and preferences, and similarly not all services can be migrated or transitioned to the cloud. Hence organizations must adopt a hybrid, multi-cloud and/or distributed-cloud approach for their distributed-yet-integrated services.

A Gartner prediction (here) made in 2020 (which seems to be very close to reality today) read:

“By 2021, over 75% of midsize and large organizations will have adopted a multicloud and/or hybrid IT strategy.”

Gartner Prediction – 2020

However, organizations embarking on this cloud journey face new challenges around selecting the right cloud strategy (hybrid, multi-cloud or distributed cloud) and, most importantly, the most efficient set of tools for unified monitoring, management and governance across such a distributed platform. These challenges affect the decisions needed to establish the right cloud strategy.

This blog aims to discuss these varied cloud strategies, as well as challenges around them.

Different Cloud Strategies AND the need for unified management

Hybrid Cloud

In a hybrid cloud, public cloud services are coupled with on-premises (or private cloud) infrastructure to offer an integrated service in a coordinated manner. This model offers a unified, flexible, and cost-optimal IT infrastructure across public cloud and private cloud or on-premises.

Adopting the cloud is neither easy nor quick, especially for organizations with an existing on-premises (or private cloud) footprint. Cloud adoption is a journey that such organizations must go through, and hybrid is the usual way forward because it makes the journey a lot easier. It supports use cases such as:

  1. Ability to control what is shared and what is kept private (driven by data sovereignty and residency compliance requirements)
  2. Reap the service benefits of the cloud (i.e. scalability, bursting, availability etc.) while keeping data or a subset of the service on-premises / private
  3. Leverage the cloud as the disaster recovery site for services on-premises (or vice versa).
  4. Improve customer experience and time-to-market (with agility and faster innovation i.e. DevOps, DevSecOps, AIOps, MLOps etc.)

Benefits: The hybrid cloud model provides a distributed, integrated and secured environment that offers great flexibility and productivity. Organizations can integrate confidential data from the private environment with their applications running in the cloud. The organization decides which applications, data, and resources can be put in the public cloud, which need to be kept in a private environment, and how information is sent and received between them.

Challenge: In a hybrid model, the on-premises (or private cloud) end is solely the responsibility of the customer (including design, monitoring, management and operations), while the other end (cloud) is managed by the public cloud provider under a shared responsibility model (depending on the cloud model used, i.e. IaaS, PaaS or SaaS). Hence it becomes extremely important for the organization to monitor, manage and govern both ends of the hybrid service, preferably from a centralized place and in a simplified manner.

Multicloud

Multicloud is the use of multiple cloud computing and storage services in a single heterogeneous architecture. This also refers to the distribution of cloud assets, software, applications, etc. across several cloud-hosting environments.

Wikipedia: https://en.wikipedia.org/wiki/Multicloud

Deciding which public cloud to adopt is not an easy choice either. A single cloud provider might not fit all needs, and hence organizations may have to adopt a multi-cloud strategy to remain compliant and efficient. Every cloud provider and cloud service provider has its specialties and dominance in one or more areas. That’s why an organization focusing on user experience and reliable service delivery may find the best combination of supporting tools across different cloud providers. Hence a multi-cloud strategy is almost unavoidable.

An interesting Gartner study (here), by Jeffrey Hewitt, provides insights into the major challenges with a multicloud strategy:

Benefits: Multi-cloud is an increasingly viable strategy for many organizations around the world because of diverse business needs such as:

Compliance requirements:
1. Avoiding vendor lock-in
2. Cross-cloud disaster recovery

Technological requirements:
1. Leveraging server-less computing
2. Leveraging Artificial intelligence and/or data management technologies etc.

Challenge: A multicloud strategy requires a great deal of planning, skillsets and, most importantly, the right set of tooling.

Most of the management tools that exist today (especially the recently arrived ones) are cloud-focused, with some level of integration with “legacy” hybrid / on-premises workloads. However, these tools do not yet provide full management coverage for hybrid-cloud, multi-cloud and/or distributed-cloud.

Distributed Cloud:

Similarly, not every workload is suitable for the cloud, or can be migrated or modernized for it. Hence IoT and edge computing are a much-needed reality. This brings the distributed cloud strategy into the picture.

On Aug 12, 2020, Gartner introduced (here) a cloud computing concept named “distributed cloud”. Gartner’s definition of distributed cloud reads:

“Distributed cloud computing is the first cloud model that incorporates physical location of cloud-delivered services as part of its definition. This is a significant shift from the virtually centralized model of most public cloud services and the model associated with the general cloud concept. It will lead to a new era in cloud computing.”

Distributed cloud is focused around three concepts:

  1. Public cloud
  2. Hybrid cloud
  3. Edge computing

In a distributed-cloud model, a public cloud provider offers a packaged hybrid offering (which is essentially a set of cloud services, necessary hardware, and software) that can be distributed to different locations such as on-premises (or edge) or even any other public cloud.

Benefits: Contrary to the hybrid or multicloud model, the principal public cloud assumes ownership, management, governance, and evolution of this packaged hybrid offering throughout its lifecycle.

Challenge: Since the packaged hybrid offering is developed, bundled and supported by the public cloud provider, native / generic tools do not offer supportability or good coverage for monitoring or managing these packaged services.

The Common Challenge

Such a mesh of distributed services introduces one big challenge common to all of these cloud computing strategies: unified management and monitoring.

The traditional tools, originally (and natively) built for monitoring or managing traditional/legacy IT, are no longer applicable, or at best only partially so. Hence there is a dire need for a modern, re-imagined set of tools that are robust and versatile enough to enable organizations to monitor, manage and govern their distributed infrastructure and services from a unified place, regardless of location.

The Solution (or a step closer)

Numerous tools and technologies are common across the cloud providers’ offerings, and customers often find multi-cloud, distributed cloud or hybrid to be the most suitable approach. Realizing this, cloud providers are shifting their strategy to provide a comprehensive set of tools (mainly around these common offerings) that are supported across a broad spectrum of public clouds, hybrid, and on-premises workloads. It is no surprise that these tools themselves are cloud based, to leverage the power of the cloud (tools for the clouds, from the cloud).

This is also a strategic move for the major public cloud providers, because the tool an organization chooses for unified governance, monitoring and management will eventually gain the upper hand in that organization's overall cloud strategy. In return, it will increase adoption (and consumption) of that particular cloud compared to other clouds.

The public clouds offer “fast-evolving technologies and advancements”. Almost all leading public clouds are evolving so fast that the evolution of management tools can hardly match the speed. However, logically speaking, the public cloud that is able to match the speed of innovation will get the biggest share. It is a healthy competition, much needed for the situation.

The objective is simple: to give customers the ability to manage, govern and secure their services, no matter where their services are, from a single pane of glass.

Microsoft’s Vision and Position:

Who could be in a better position than Microsoft when it comes to providing an integrated set of tools that integrate with Active Directory, the Windows OS platform and edge/distributed cloud solutions such as Azure Stack HCI, Kubernetes clusters and so on?

Microsoft’s vision (here) is built on the following goals:

  1. Providing the capability to deploy a cloud-native and consistent app experience, anywhere.
  2. Making it possible to easily move, monitor and manage the above applications and data, anywhere.
  3. Unlocking the power of Azure (such as governance and policy tools) for managing hybrid, multi-cloud and distributed-cloud (edge) resources.

Recently Microsoft has taken this strength to another level by expanding its hybrid portfolio towards multi-cloud and distributed-cloud offerings. The following technologies help organizations achieve this:

| Solution Area | Microsoft Technology / Solution |
| --- | --- |
| Management | Azure Arc; Azure VMware Solution |
| Identity | Azure Active Directory |
| Security | Azure Defender + Azure Security Center; Azure Sentinel |
| Networking | Azure VPN Gateway; Azure ExpressRoute; Azure Virtual WAN |
| Apps | Azure Stack; Visual Studio; Azure DevOps |
| Data | Arc-enabled Data Services; Backup and Recovery |

Each of the above technologies / products requires its own exploration. However, for the sake of this blog, we will focus on Microsoft Azure Arc, which underpins hybrid cloud, multi-cloud and distributed cloud management.

Microsoft Azure Arc

The Launch of Azure Arc:

Microsoft introduced Azure Arc technology – on November 4th 2019 (here) – as:

“Customers can now have a consistent and unified approach to managing different environments using robust, established capabilities such as Azure Resource Manager, Microsoft Azure Cloud Shell, Azure portal, API, and Microsoft Azure Policy.

With Azure Arc, developers can build containerized apps with the tools of their choice and IT teams can ensure that the apps are deployed, configured, and managed uniformly using GitOps-based configuration management.

Finally, Azure Arc makes it easier to implement cloud security across environments with centralized role-based access control and security policies.”

What is Azure Arc?

Azure Arc enables organizations to expand their visibility (through the unified Azure portal) and control (operations and compliance) over infrastructure and services beyond the Azure cloud, no matter where they are. It is an evolving technology; at the time of writing this blog, it offers the following capabilities around hybrid and multicloud management:

  1. Leverage Azure control plane to manage resources (i.e. Windows and Linux servers, SQL server, Kubernetes clusters, and Azure Arc-enabled data services such as Arc-enabled SQL Managed Instance, Arc-enabled PostgreSQL Hyperscale, Arc-enabled Machine Learning etc.). It covers:
    • Reflect Arc enabled server as an Azure VM
    • Resource inventory and organization through Azure resource group and tags
    • Indexing and searching through Azure Resource Graph
    • Access and security through RBAC and subscriptions
    • Environments and automation through templates and extensions
  2. Perform virtual machine (VM) lifecycle management for Azure Stack HCI and VMware environments from a centralized location.
  3. Meet governance and compliance standards for apps, infrastructure, and data with Azure Policy guest configuration (i.e. password policies, encryption protocols, administrative access, or validation of operational standards such as certificate expiration and network connectivity)
  4. Delegate access and manage security policies for resources using role-based access control (RBAC) and Azure Lighthouse.
    • Extremely helpful for managed services providers to expand their management across customers’ on-premises, hybrid and/or multi-cloud footprint by leveraging Azure Lighthouse.
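
The inventory and Resource Graph capabilities in item 1, as a worked Azure Resource Graph query (an added example, not from the original post or from Microsoft's documentation). It lists Arc-enabled servers whose agent is not connected or that carry no `owner` tag; the `owner` tag name is an assumption, so substitute the key your own tagging standard requires.

```kusto
// Added example: governance gaps across Arc-enabled servers.
// Arc-enabled servers appear in Resource Graph under this resource type.
resources
| where type =~ 'microsoft.hybridcompute/machines'
| extend status           = tostring(properties.status),
         osName           = tostring(properties.osName),
         agentVersion     = tostring(properties.agentVersion),
         lastStatusChange = todatetime(properties.lastStatusChange)
// 'owner' is an assumed tag key used here to illustrate a tagging standard.
| extend owner = tostring(tags['owner'])
// A machine that is not Connected is not reporting to the Azure control
// plane, so policy, monitoring and security add-ons have no current view of it.
| extend finding = case(
    status != 'Connected', 'agent not connected',
    isempty(owner),        'missing owner tag',
    'ok')
| where finding != 'ok'
| project name, resourceGroup, subscriptionId, location,
          osName, agentVersion, status, lastStatusChange, finding
| order by finding asc, lastStatusChange asc
```

The query is read-only and can be run in Azure Resource Graph Explorer in the portal against whichever subscriptions the signed-in identity can read.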

Use-cases

There are various use cases for Azure Arc; a few prominent ones (selected from the Microsoft Azure Architecture Center) are listed below:

1. Manage configurations for Azure Arc enabled servers

This scenario explains how Azure Arc enables you to manage, govern, and secure servers across on-premises, multiple cloud, and edge scenarios.

Typical uses for this architecture include:

  • Organize, govern, and inventory large groups of virtual machines (VMs) and servers across multiple environments.
  • Enforce organization standards and assess compliance at scale for all your resources anywhere with Azure Policy.
  • Easily deploy supported VM extensions to Arc enabled servers.
  • Configure and enforce Azure Policy for VMs and servers hosted across multiple environments.

For more detail, refer to the linked Azure Architecture Center article.

2. Azure Arc hybrid management and deployment for Kubernetes clusters

This scenario explains how Azure Arc extends Kubernetes cluster management and configuration across customer data centers, edge locations, and multiple cloud environments.

Typical uses for this architecture include:

  • Managing on-premises Kubernetes clusters alongside clusters hosted in AKS for inventory, grouping, and tagging.
  • Monitoring Kubernetes clusters across hybrid environments using Azure Monitor.
  • Deploying and enforcing policies for Kubernetes clusters across hybrid environments using Azure Policy.
  • Deploying and enforcing GitOps using Azure Policy.

For more detail, refer to the linked Azure Architecture Center article.

3. Optimize administration of SQL Server instances in on-premises and multi-cloud environments by using Azure Arc

This scenario explains how to leverage Azure Arc for management, maintenance, and monitoring of SQL Server instances in on-premises and multi-cloud environments.

Typical uses for this architecture include:

  • Assessing Azure Arc enabled SQL Server configuration, availability, performance, and compliance by using Azure Monitor.
  • Detecting and remediating security threats targeting Azure Arc enabled SQL Server by using Microsoft Defender for Cloud and Microsoft Sentinel.
  • Automating deployment and management of Azure Arc enabled SQL Managed Instance on Azure Arc enabled Kubernetes in on-premises and multi-cloud environments.
  • Automating deployment and management of Azure Arc enabled SQL Managed Instance on Azure Kubernetes Service (AKS) on Azure Stack HCI.

Pricing

Azure Arc extends management and services from Azure to any infrastructure. As an extension of Azure, it offers the below core control plane at no cost to customers, while preserving consistent pricing on all management and services originated from Azure.

  • Resource inventory and organization through Azure resource groups and tags
  • Indexing and searching through Azure Resource Graph
  • Access and security through RBAC and subscriptions
  • Environments and automation through templates and extensions

The Azure Arc-enabled services below are charged consistently with the original Azure services, excluding any customer-provided infrastructure costs.

  • Arc enabled SQL Managed Instance
  • Arc enabled PostgreSQL Hyperscale
  • Arc enabled Machine Learning

Similarly,

  1. Policy and tags can be applied at an additional price. The Azure Policy guest configuration add-on is required to apply policy ($6 per server per month).
  2. The Azure Monitor add-on (Log Analytics agents) is required for monitoring and for features such as Automation (update management, inventory etc.).
  3. The Azure Defender add-on is required for security.
  4. Multiple add-ons for Kubernetes are in preview.

Visit the following pricing link for more comprehensive and up-to-date prices for each service or add-on: https://azure.microsoft.com/en-us/pricing/details/azure-arc/

Conclusion

Hybrid, multi-cloud and distributed cloud strategies are no longer a choice for organizations. They are a recommended and natural path that medium to large organizations resort to. With a hybrid, multi-cloud or distributed cloud model, it is extremely important to have a unified place for monitoring, management and governance. However, the tools and technologies available in the market are not yet fully ready. It is an evolving space, and hence a competitive one as well (for good).

Microsoft has identified the potential of this area and has been enhancing its offerings at a fast pace. Azure Arc is one of the tools (among the others listed above) at the heart of a hybrid, multi-cloud and/or distributed-cloud strategy for organizations, especially those that are leveraging Microsoft clouds (i.e. Azure, Dynamics and/or Office 365) first and other clouds second.

The Azure Arc service comes with a price and add-ons. Various add-ons are in the preview phase and hence are offered free or at a lower price. From a value perspective, it makes day-to-day life easier for administrators and managed services providers who manage distributed services.

There are still various areas where Azure Arc and other tools can improve and add value. Hopefully we will see some of these improvements announced in the near future.

The one most important improvement I would love to hear about is the tight (and two-way) integration of Azure Arc and associated technologies (i.e. Azure Security Center, Azure Monitor) with ITSM solutions. It can boost the adoption of Azure Arc multi-fold (which will naturally increase the adoption of Azure cloud). This improvement can also bring Azure to the center of the strategy (hybrid, multi-cloud, distributed cloud) for an organization or managed services provider!!

Hi, I am Junaid Ahmed - and I am obsessed with all things cloud: infra, apps, data and AI. With an extensive background and expertise (15+ years) around Microsoft technologies, I am an expert on Microsoft cloud, hybrid and on-premises technologies. I have been enjoying consulting organizations in stepping closer to their business goals and visions. Be it digital/business transformation, or optimization, I help organizations in their journey for cloud adoption, application modernization, application enlightenment. My latest craving and enthusiasm is Data Sciences, ML and AI which is keeping me at unrest and helping me to prepare for the next big thing of my professional career. I’m always happy to connect with like-minded people, executives, cloud architects and enthusiasts. Shoot me a message – I look forward to hearing from you!
